Lumen Loop
Video | YouTube | Certora | April 22, 2026 | 39:17

Mastering Threat Modeling on Stellar: A Step-by-Step Security Blueprint for Soroban Smart Contracts

Ray from Certora presents threat modeling as a security methodology for Stellar protocols, introducing the 4As framework (assets, actors, assumptions, attack vectors) to identify vulnerabilities, speed up audits, and improve protocol security before and during development.

Cybersecurity | Developers | Developer Tools
Lumen Loop's take

Ray, senior researcher at Certora, discusses threat modeling as a practical security tool for Stellar ecosystem projects. He introduces the 4As framework: assets (what the protocol protects), actors (addresses and contracts involved), assumptions (what the system assumes to be true), and attack vectors (potential attack families). Ray contrasts this with the Stellar Foundation's STRIDE model and explains how both complement each other. He emphasizes that threat modeling should be simple, transparent, and focused to be maintainable. The methodology helps teams identify security gaps early, speeds up audits, improves debugging, and demonstrates security posture to investors. Ray notes that threat modeling works well with AI and LLMs when used to validate and enhance human-written models, and mentions Certora's participation in the Stellar Foundation's Audit Bank.